From a822ea738c7a2d29612135d323ded7bf9d1a280d Mon Sep 17 00:00:00 2001 From: Alexander Bocken Date: Sat, 10 Jan 2026 17:49:47 +0100 Subject: [PATCH] chore: update @auth/sveltekit to v1.11.1 and remove direct @auth/core dependency MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Updated authentication packages to latest versions for security fixes: - @auth/sveltekit: 1.10.0 → 1.11.1 (includes nodemailer security fix) - @auth/core: removed from devDependencies (transitively pulled as 0.41.1) Changed imports to use @auth/sveltekit/providers instead of @auth/core/providers and removed unused imports from hooks.server.ts. --- package.json | 3 +-- pnpm-lock.yaml | 25 +++++++++++-------------- src/auth.ts | 2 +- src/hooks.server.ts | 5 ----- 4 files changed, 13 insertions(+), 22 deletions(-) diff --git a/package.json b/package.json index e2c9084..0d9fc0d 100644 --- a/package.json +++ b/package.json @@ -18,7 +18,6 @@ }, "packageManager": "pnpm@9.0.0", "devDependencies": { - "@auth/core": "^0.40.0", "@playwright/test": "^1.56.1", "@sveltejs/adapter-auto": "^6.1.0", "@sveltejs/kit": "^2.37.0", @@ -37,7 +36,7 @@ "vitest": "^4.0.10" }, "dependencies": { - "@auth/sveltekit": "^1.10.0", + "@auth/sveltekit": "^1.11.1", "@sveltejs/adapter-node": "^5.0.0", "chart.js": "^4.5.0", "cheerio": "1.0.0-rc.12", diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index 6387271..0cf2105 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -9,8 +9,8 @@ importers: .: dependencies: '@auth/sveltekit': - specifier: ^1.10.0 - version: 1.10.0(@sveltejs/kit@2.37.0(@sveltejs/vite-plugin-svelte@6.1.3(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0)))(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0)))(svelte@5.38.6) + specifier: ^1.11.1 + version: 1.11.1(@sveltejs/kit@2.37.0(@sveltejs/vite-plugin-svelte@6.1.3(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0)))(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0)))(svelte@5.38.6) '@sveltejs/adapter-node': specifier: ^5.0.0 version: 5.3.1(@sveltejs/kit@2.37.0(@sveltejs/vite-plugin-svelte@6.1.3(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0)))(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0))) @@ -33,9 +33,6 @@ importers: specifier: ^0.33.0 version: 0.33.5 devDependencies: - '@auth/core': - specifier: ^0.40.0 - version: 0.40.0 '@playwright/test': specifier: ^1.56.1 version: 1.56.1 @@ -102,12 +99,12 @@ packages: '@asamuzakjp/nwsapi@2.3.9': resolution: {integrity: sha512-n8GuYSrI9bF7FFZ/SjhwevlHc8xaVlb/7HmHelnc/PZXBD2ZR49NnN9sMMuDdEGPeeRQ5d0hqlSlEpgCX3Wl0Q==} - '@auth/core@0.40.0': - resolution: {integrity: sha512-n53uJE0RH5SqZ7N1xZoMKekbHfQgjd0sAEyUbE+IYJnmuQkbvuZnXItCU7d+i7Fj8VGOgqvNO7Mw4YfBTlZeQw==} + '@auth/core@0.41.1': + resolution: {integrity: sha512-t9cJ2zNYAdWMacGRMT6+r4xr1uybIdmYa49calBPeTqwgAFPV/88ac9TEvCR85pvATiSPt8VaNf+Gt24JIT/uw==} peerDependencies: '@simplewebauthn/browser': ^9.0.1 '@simplewebauthn/server': ^9.0.2 - nodemailer: ^6.8.0 + nodemailer: ^7.0.7 peerDependenciesMeta: '@simplewebauthn/browser': optional: true @@ -116,13 +113,13 @@ packages: nodemailer: optional: true - '@auth/sveltekit@1.10.0': - resolution: {integrity: sha512-nTKS3FoFvgdqUwb7a8HZpLxDlx+pHndygcodM16J/iFHbe/0wha0MUCuTkVeUYZuKwL63L2ujmMAC1WEoki2+g==} + '@auth/sveltekit@1.11.1': + resolution: {integrity: sha512-cWNfXcKrNIVtJYOY1tq7H7m03j89Wg7xrTvOJALu18fZdYulzYCPIAdTw8XSEzOp6KyhOGo7tmW7VtzRNtr/8Q==} peerDependencies: '@simplewebauthn/browser': ^9.0.1 '@simplewebauthn/server': ^9.0.3 '@sveltejs/kit': ^1.0.0 || ^2.0.0 - nodemailer: ^6.6.5 + nodemailer: ^7.0.7 svelte: ^3.54.0 || ^4.0.0 || ^5.0.0-0 peerDependenciesMeta: '@simplewebauthn/browser': @@ -1576,7 +1573,7 @@ snapshots: '@asamuzakjp/nwsapi@2.3.9': {} - '@auth/core@0.40.0': + '@auth/core@0.41.1': dependencies: '@panva/hkdf': 1.2.1 jose: 6.1.0 @@ -1584,9 +1581,9 @@ snapshots: preact: 10.24.3 preact-render-to-string: 6.5.11(preact@10.24.3) - '@auth/sveltekit@1.10.0(@sveltejs/kit@2.37.0(@sveltejs/vite-plugin-svelte@6.1.3(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0)))(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0)))(svelte@5.38.6)': + '@auth/sveltekit@1.11.1(@sveltejs/kit@2.37.0(@sveltejs/vite-plugin-svelte@6.1.3(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0)))(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0)))(svelte@5.38.6)': dependencies: - '@auth/core': 0.40.0 + '@auth/core': 0.41.1 '@sveltejs/kit': 2.37.0(@sveltejs/vite-plugin-svelte@6.1.3(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0)))(svelte@5.38.6)(vite@7.1.3(@types/node@22.18.0)) set-cookie-parser: 2.7.1 svelte: 5.38.6 diff --git a/src/auth.ts b/src/auth.ts index c6c784b..a4f7536 100644 --- a/src/auth.ts +++ b/src/auth.ts @@ -1,5 +1,5 @@ import { SvelteKitAuth } from "@auth/sveltekit" -import Authentik from "@auth/core/providers/authentik" +import Authentik from "@auth/sveltekit/providers/authentik" import { AUTHENTIK_ID, AUTHENTIK_SECRET, AUTHENTIK_ISSUER } from "$env/static/private"; export const { handle, signIn, signOut } = SvelteKitAuth({ diff --git a/src/hooks.server.ts b/src/hooks.server.ts index 5b055f8..66992f0 100644 --- a/src/hooks.server.ts +++ b/src/hooks.server.ts @@ -1,15 +1,10 @@ import type { Handle, HandleServerError } from "@sveltejs/kit" import { redirect } from "@sveltejs/kit" import { error } from "@sveltejs/kit" -import { SvelteKitAuth } from "@auth/sveltekit" -import Authentik from "@auth/core/providers/authentik" -import { AUTHENTIK_ID, AUTHENTIK_SECRET, AUTHENTIK_ISSUER } from "$env/static/private"; import { sequence } from "@sveltejs/kit/hooks" import * as auth from "./auth" import { initializeScheduler } from "./lib/server/scheduler" import { dbConnect } from "./utils/db" -import fs from 'fs' -import path from 'path' // Initialize database connection on server startup console.log('🚀 Server starting - initializing database connection...');